Software Testing Lab Manual (22518) Practical 5




Practical 5: Validate login procedure for E-Commerce Website.


* Practical Related Questions.

1) What are the security model threats for an E-Commerce system?
Ans=> The most common security threats are:
           1) Phishing attacks
           2) Money thefts
           3) Data misuse
           4) Hacking
           5) Credit card fraud
           6) Unprotected services
           7) Inaccurate management
           8) One of the main reasons for E-commerce threats is poor management.

2) List different authentication protocols that can be used in providing security for an E-commerce system.
Ans=> 1) CHAP :- Challenge Handshake Authentication Protocol
            2) EAP :- Extensible Authentication Protocol
            3) PAP :- Password Authentication Protocol
            4) TACACS, XTACACS and TACACS+
            5) DIAMETER
            6) Kerberos (protocol)

3) Describe various encryption techniques that can be used for storing login credentials.
Ans=>  1) Triple DES – Replaces the Data Encryption Standard (DES) algorithm and uses 3 individual keys of 56 bits each. Triple DES is an advanced form of DES that applies the DES cipher algorithm thrice to all the data blocks. It is used to encrypt ATM PINs, etc.
            2) RSA – A public-key encryption algorithm used to protect data over the internet. It is an asymmetric key encryption algorithm that uses public and private keys. RSA is an algorithm based on the factorization of the product of two prime numbers. Only if the receiver knows these numbers can he/she decrypt the message. RSA finds its applications in digital signatures but is often slow when a large volume of data is to be encrypted.
            3) Blowfish – It splits the message into 64-bit blocks and encrypts them, and is used in certain payment gateways. It is fast, effective, and flexible. Blowfish finds its application in embedded systems and has been deemed reasonably secure.
            4) Twofish – Keys in this algorithm are 256 bits in length and it is a symmetric key encryption technique. Twofish is still in use by many file and folder encryption software solutions. It is a license-free technique that encrypts data in 128-bit blocks; it always encrypts data in 16 rounds, which makes it slower.
            5) AES – Advanced Encryption Standard, trusted by many standards organizations. It can encrypt with 128-bit, 192-bit as well as 256-bit keys. AES is a symmetric encryption algorithm that is widely in use today. AES is used for data at rest as well as in transit.


* Exercise:
1) Prepare test cases to register yourself on any E-commerce website.
Ans=> 
  1. Verify that all the specified fields are present on the registration page.
  2. Verify that the required/mandatory fields are marked with * against the field.
  3. Verify that, for a better user interface, dropdowns, radio buttons, checkboxes, etc. fields are displayed wherever possible instead of just textboxes.
  4. Verify the page has both submit and cancel/reset buttons at the end.
  5. Verify that clicking the submit button after entering all the required fields submits the data to the server.
  6. Verify that clicking the cancel/reset button after entering all the required fields cancels the submit request and resets all the fields.
  7. Verify that whenever possible validation should take place at the client side.
  8. Verify that not filling the mandatory fields and clicking the submit button will lead to a validation error.
  9. Check validation on the date and email fields (only valid dates and valid email IDs should be allowed).
  10. Check validation on numeric fields by entering alphabets and special characters.
  11. Verify that leading and trailing spaces are trimmed.
  12. Verify that entering blank spaces on mandatory fields leads to a validation error.
  13. Verify that making a request to the server and then sending the same request again with the same unique key leads to a server-side validation error.
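
Test cases 8 to 13 above, written as executable checks in Python (an added example, not part of the lab manual). The `RegistrationService` class, its field names, the `YYYY-MM-DD` date format, the 10-digit phone rule and the use of the email as the unique key are assumptions standing in for the site under test; the checks run on the server side, so they still apply when the client-side validation of case 7 is skipped.

```python
import re
from datetime import datetime

# Assumed form fields and rules; the manual does not name a specific site.
MANDATORY = ("name", "email", "dob", "phone")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
class RegistrationService:
    """Server-side validator standing in for the site under test."""
    def __init__(self):
        self._emails = set()  # unique keys already registered
    def register(self, form):
        """Return {field: error}; an empty dict means the form was accepted."""
        # Case 11: leading and trailing spaces are trimmed before any check.
        data = {k: str(v).strip() for k, v in form.items()}
        # Cases 8 and 12: missing or whitespace-only mandatory fields fail.
        errors = {f: "required" for f in MANDATORY if not data.get(f)}
        # Case 9: only valid email IDs and real calendar dates are allowed.
        if "email" not in errors and not EMAIL_RE.fullmatch(data["email"]):
            errors["email"] = "invalid email"
        if "dob" not in errors:
            try:
                datetime.strptime(data["dob"], "%Y-%m-%d")
            except ValueError:
                errors["dob"] = "invalid date"
        # Case 10: numeric fields reject alphabets and special characters.
        if "phone" not in errors and not re.fullmatch(r"[0-9]{10}", data["phone"]):
            errors["phone"] = "digits only"
        # Case 13: a repeated unique key is refused on the server side.
        key = data.get("email", "").lower()
        if not errors and key in self._emails:
            errors["email"] = "already registered"
        if not errors:
            self._emails.add(key)
        return errors

# Constructed sample input, not data from any real site.
VALID = {"name": " Asha ", "email": " asha@example.com ",
         "dob": "2001-02-28", "phone": "9876543210"}

def run_cases():
    """Run cases 8-13 against a fresh service; return {case: errors}."""
    svc = RegistrationService()
    return {
        "accepted": svc.register(VALID),
        "case 12": svc.register(dict(VALID, name="   ")),
        "case 9": svc.register(dict(VALID, email="asha@example", dob="2001-02-30")),
        "case 10": svc.register(dict(VALID, phone="98765abc1!")),
        "case 13": svc.register(VALID),
    }
```

Calling `run_cases()` returns the error dictionary produced for each case, so a failing rule shows up as a missing or unexpected field error.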
